CVE-2026-8256

Devs Palace ERP Online mr-save cross site scripting

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79 CWE-94

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

Devs Palace · ERP Online

PoCs públicas encontradas — 1

cve_referenceolografix.org/acme/_poc/ERP_Online-POC1.gifno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://olografix.org/acme/_poc/ERP_Online-POC1.gif https://vuldb.com/submit/808527 https://vuldb.com/vuln/362553 https://vuldb.com/vuln/362553/cti